Currently, in a client-server computing environment the transmission of sensitive data may be protected in transit using a variety of means, such as establishing a Transport Layer Security (TLS) protected session between the client and server. TLS is a cryptographic protocol that provides communication security over the Internet. TLS uses asymmetric cryptography for authentication of key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity. Several versions of the protocol are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging, and voice-over-IP (VoIP).
On the server sensitive information which had been encrypted during transmission is decrypted and available to the server application as cleartext (i.e., “in the clear”). Similarly, sensitive information that is sent from the server to the client is in the clear on the server before it is encrypted for transmission. As such, this cleartext sensitive information may be subject to disclosure on the server in memory dumps, through the use of debug tools that can be used to look into an application's memory, or by other means such as compromised or errant application logic.
Therefore, a high level security risk exists since there is a potential for the exposure of sensitive information such as credit card numbers. The sensitive information is visible to the operating system, the web server and the web application as well as to communications and data base software, device drivers and malware that infects any of this software. Additionally, in the event of a crash, this information is available in the clear in a core dump. As such, it is advantageous to provide a more secure processing environment for protecting sensitive data.